Chromium Code Reviews| Index: chrome/browser/resources/gaia_auth/main.js |
| diff --git a/chrome/browser/resources/gaia_auth/main.js b/chrome/browser/resources/gaia_auth/main.js |
| index ba48c65dc9049f2dc8cb453d754480286497b3f8..5708fa73779399a1b124e54bf3c2f63c1df448bf 100644 |
| --- a/chrome/browser/resources/gaia_auth/main.js |
| +++ b/chrome/browser/resources/gaia_auth/main.js |
| @@ -48,6 +48,7 @@ Authenticator.getInstance = function() { |
| Authenticator.prototype = { |
| email_: null, |
| + gaiaId_: null, |
| // Depending on the key type chosen, this will contain the plain text password |
| // or a credential derived from it along with the information required to |
| @@ -56,6 +57,9 @@ Authenticator.prototype = { |
| // when support for key types other than plain text password is added. |
| passwordBytes_: null, |
| + chooseWhatToSync_: false, |
| + skipForNow_: false, |
| + sessionIndex_: null, |
| attemptToken_: null, |
| // Input params from extension initialization URL. |
| @@ -104,10 +108,6 @@ Authenticator.prototype = { |
| this.GAIA_URL.indexOf(msg.origin) == 0; |
| }, |
| - isInternalMessage_: function(msg) { |
| - return msg.origin == Authenticator.THIS_EXTENSION_ORIGIN; |
| - }, |
| - |
| isParentMessage_: function(msg) { |
| return msg.origin == this.parentPage_; |
| }, |
| @@ -165,9 +165,9 @@ Authenticator.prototype = { |
| }); |
| this.supportChannel_.registerMessage( |
| 'switchToFullTab', this.switchToFullTab_.bind(this)); |
| - this.supportChannel_.registerMessage( |
| - 'completeLogin', this.completeLogin_.bind(this)); |
| } |
| + this.supportChannel_.registerMessage( |
| + 'completeLogin', this.onCompleteLogin_.bind(this)); |
| this.initSAML_(); |
| this.maybeInitialized_(); |
| }.bind(this)); |
| @@ -220,8 +220,11 @@ Authenticator.prototype = { |
| this.passwordBytes_, |
| 'usingSAML': this.isSAMLFlow_, |
| 'chooseWhatToSync': this.chooseWhatToSync_ || false, |
| - 'skipForNow': opt_extraMsg && opt_extraMsg.skipForNow, |
| - 'sessionIndex': opt_extraMsg && opt_extraMsg.sessionIndex |
| + 'skipForNow': (opt_extraMsg && opt_extraMsg.skipForNow) || |
| + this.skipForNow_, |
| + 'sessionIndex': (opt_extraMsg && opt_extraMsg.sessionIndex) || |
| + this.sessionIndex_, |
| + 'gaiaId': (opt_extraMsg && opt_extraMsg.gaiaId) || this.gaiaId_ |
| }; |
| window.parent.postMessage(msg, this.parentPage_); |
| this.supportChannel_.send({name: 'resetAuth'}); |
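Review bot: The `||` fallbacks in the message literal treat every falsy value from `opt_extraMsg` as missing, so an explicit `skipForNow: false` or a numeric `sessionIndex` of 0 is replaced by whatever `this.skipForNow_` / `this.sessionIndex_` currently hold. Whether sessionIndex can be the number 0 is not visible here, but the same truthiness test appears in the `!extraMsg.sessionIndex` guard of onCompleteLogin_, which would reject it as a missing field. Selecting on presence avoids both, e.g. `'skipForNow': opt_extraMsg && opt_extraMsg.skipForNow !== undefined ? opt_extraMsg.skipForNow : this.skipForNow_`. The enclosing function starts and ends outside this hunk.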
| @@ -268,6 +271,7 @@ Authenticator.prototype = { |
| // from the GAIA login form are no longer relevant and can be discarded. |
| this.isSAMLFlow_ = true; |
| this.email_ = null; |
| + this.gaiaId_ = null; |
| this.passwordBytes_ = null; |
| } |
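Review bot: Only `gaiaId_` is cleared where the flow switches to SAML; `skipForNow_` and `sessionIndex_`, which this change adds as instance state, are not reset here, and the branch in the last hunk (-416,27) that nulls `email_` and `passwordBytes_` has the same gap. Since the completion message falls back to those fields, a value stored during an earlier attempt could end up in a later message, mixing session data from two attempts. Consider adding `this.skipForNow_ = false;` and `this.sessionIndex_ = null;` next to `this.gaiaId_ = null;` in both places. The enclosing function starts outside this hunk.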
| @@ -316,8 +320,9 @@ Authenticator.prototype = { |
| console.error('Authenticator.onAPICall_: unsupported key type'); |
| return; |
| } |
| + // Not setting |email_| and |gaiaId_| because this API call will |
| + // eventually be followed by onCompleteLogin_() which does set it. |
| this.apiToken_ = call.token; |
| - this.email_ = call.user; |
| this.passwordBytes_ = call.passwordBytes; |
| } else if (call.method == 'confirm') { |
| if (call.token != this.apiToken_) |
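Review bot: With `this.email_ = call.user;` removed, the password stored by the 'add' call is no longer tied to the user it was submitted for; the e-mail is later taken from the 'completeLogin' message instead. If the two can ever name different accounts, `passwordBytes_` for one user would be reported together with another user's e-mail and gaiaId. Consider keeping `call.user` in a separate field and comparing it with `extraMsg.email` in onCompleteLogin_ before completing, or state in the comment why a mismatch cannot happen. The added comment could also read "which sets them", since it refers to both fields. The hunk starts and ends inside onAPICall_.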
| @@ -342,21 +347,35 @@ Authenticator.prototype = { |
| }); |
| }, |
| - onConfirmLogin_: function() { |
| - if (!this.isSAMLFlow_) { |
| - this.completeLogin_(); |
| + /** |
| + * Callback invoked for 'completeLogin' message. |
| + */ |
| + onCompleteLogin_: function(extraMsg) { |
|
bartfab (slow)
2014/10/17 09:54:56
Nit 1: Anecdotal evidence shows that the naming se
Roger Tawa OOO till Jul 10th
2014/10/20 16:04:00
Done.
|
| + if (!extraMsg.email || !extraMsg.gaiaId || !extraMsg.sessionIndex) { |
| + console.error('Missing fields to complete login.'); |
| + window.parent.postMessage( |
| + {method: 'showFatalAuthError', |
| + message: 'foo'}, |
|
bartfab (slow)
2014/10/17 09:54:55
I think the correct solution here would be analogo
Roger Tawa OOO till Jul 10th
2014/10/20 16:04:00
Done.
|
| + this.parentPage_); |
| return; |
| } |
| - var apiUsed = !!this.passwordBytes_; |
| + // Skip SAML extra steps for desktop flow and non-SAML flow. |
| + if (!this.isSAMLFlow_ || this.desktopMode_) { |
| + this.completeLogin_(extraMsg); |
| + return; |
| + } |
| - // Retrieve the e-mail address of the user who just authenticated from GAIA. |
| - window.parent.postMessage({method: 'retrieveAuthenticatedUserEmail', |
| - attemptToken: this.attemptToken_, |
| - apiUsed: apiUsed}, |
| - this.parentPage_); |
| + this.email_ = extraMsg.email; |
| + this.gaiaId_ = extraMsg.gaiaId; |
| + // Password from |extraMsg| is not used because ChromeOS SAML flow |
| + // gets password by asking user to confirm. |
| + this.skipForNow_ = extraMsg.skipForNow; |
| + this.sessionIndex_ = extraMsg.sessionIndex; |
| - if (!apiUsed) { |
| + if (this.passwordBytes_) { |
| + this.completeLogin_(extraMsg); |
| + } else { |
| this.supportChannel_.sendWithCallback( |
| {name: 'getScrapedPasswords'}, |
| function(passwords) { |
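Review bot: onCompleteLogin_ accepts the 'completeLogin' message without tying it to the current attempt, whereas the handlers this commit removes compared `msg.attemptToken` with `this.attemptToken_` before acting. A completion message left over from an earlier attempt would now set `email_`, `gaiaId_` and `sessionIndex_` and could finish the login in progress. If the background page can pass the token along, a guard such as `if (extraMsg.attemptToken != this.attemptToken_) return;` would restore the binding; otherwise the doc comment should say why a stale message cannot arrive. The field check also dereferences `extraMsg` directly, so an undefined payload throws before the error path is reached; prefixing the condition with `!extraMsg ||` covers that. The function body continues past the end of this hunk.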
| @@ -374,13 +393,6 @@ Authenticator.prototype = { |
| } |
| }, |
| - maybeCompleteSAMLLogin_: function() { |
| - // SAML login is complete when the user's e-mail address has been retrieved |
| - // from GAIA and the user has successfully confirmed the password. |
| - if (this.email_ !== null && this.passwordBytes_ !== null) |
| - this.completeLogin_(); |
| - }, |
| - |
| onVerifyConfirmedPassword_: function(password) { |
| this.supportChannel_.sendWithCallback( |
| {name: 'getScrapedPasswords'}, |
| @@ -388,7 +400,11 @@ Authenticator.prototype = { |
| for (var i = 0; i < passwords.length; ++i) { |
| if (passwords[i] == password) { |
| this.passwordBytes_ = passwords[i]; |
| - this.maybeCompleteSAMLLogin_(); |
| + // SAML login is complete when the user's e-mail address has |
|
bartfab (slow)
2014/10/17 09:54:56
Nit: Remove the part of the comment about e-mail r
Roger Tawa OOO till Jul 10th
2014/10/20 16:04:00
Done.
|
| + // been retrieved from GAIA and the user has successfully |
| + // confirmed the password. |
| + if (this.email_ !== null && this.passwordBytes_ !== null) |
|
bartfab (slow)
2014/10/17 09:54:56
Nit: We no longer need this condition. |email_ !=
Roger Tawa OOO till Jul 10th
2014/10/20 16:04:00
Done.
|
| + this.completeLogin_(); |
| return; |
| } |
| } |
| @@ -401,6 +417,7 @@ Authenticator.prototype = { |
| onMessage: function(e) { |
| var msg = e.data; |
| if (msg.method == 'attemptLogin' && this.isGaiaMessage_(e)) { |
| + // At this point GAIA does not yet know the gaiaId, so its not set here. |
| this.email_ = msg.email; |
| this.passwordBytes_ = msg.password; |
| this.attemptToken_ = msg.attemptToken; |
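Review bot: The added comment explains why `gaiaId_` is not assigned in the 'attemptLogin' branch, but the field is not cleared either, so a value from an earlier attempt stays paired with the new `email_` until a later completion message overwrites it. Adding `this.gaiaId_ = null;` next to `this.email_ = msg.email;` keeps the two fields from describing different attempts. In the comment, "its" should be "it is". The branch continues past the end of this hunk.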
| @@ -416,27 +433,12 @@ Authenticator.prototype = { |
| this.maybeInitialized_(); |
| } |
| this.email_ = null; |
| + this.gaiaId_ = null; |
|
bartfab (slow)
2014/10/17 09:54:55
My question from patchset 32 still stands:
Should
Roger Tawa OOO till Jul 10th
2014/10/20 16:04:00
Done.
|
| this.passwordBytes_ = null; |
| this.attemptToken_ = null; |
| this.isSAMLFlow_ = false; |
| if (this.supportChannel_) |
| this.supportChannel_.send({name: 'resetAuth'}); |
| - } else if (msg.method == 'setAuthenticatedUserEmail' && |
| - this.isParentMessage_(e)) { |
| - if (this.attemptToken_ == msg.attemptToken) { |
| - this.email_ = msg.email; |
| - this.maybeCompleteSAMLLogin_(); |
| - } |
| - } else if (msg.method == 'confirmLogin' && this.isInternalMessage_(e)) { |
| - // In the desktop mode, Chrome needs to wait for extra info such as |
| - // session index from the background JS. |
| - if (this.desktopMode_) |
| - return; |
| - |
| - if (this.attemptToken_ == msg.attemptToken) |
| - this.onConfirmLogin_(); |
| - else |
| - console.error('Authenticator.onMessage: unexpected attemptToken!?'); |
| } else if (msg.method == 'verifyConfirmedPassword' && |
| this.isParentMessage_(e)) { |
| this.onVerifyConfirmedPassword_(msg.password); |